May 2018 – Attacking the Gatekeeper

exploits_of_a_mom-xkcd

(source: xkcd.com; Don’t forget Mother’s Day!)

It’s scheduled! Mark your calendars to join us on May 10th at R&K Solutions for more experts sharing their trade craft. Harrison Neal, Security Engineer with PatchAdvisor, joins us to present a couple of (now patched) vulnerabilities he reported in the RSA authentication agent for IIS. If you’re interested in vulnerability research and details you’ll want to be at this meeting. Come for the tech, stay for the networking and refreshments!

Date and Location:
May 10th, 2018 @ 5:30 PM

R&K Solutions
2797 Frontage Rd NW
Roanoke, VA 24017
Google Maps Link

Topic: Attacking the gatekeeper: RSA’s Authentication Agent for IIS

Summary: This presentation will discuss two vulnerabilities recently discovered and patched in RSA’s software to enable two-factor authentication in IIS-hosted web applications. These vulnerabilities could enable an unprivileged domain user to impersonate other users, or crash IIS. While the vulnerabilities are fairly straightforward, there are some peculiarities that will be explored, such as exploiting one vulnerability through a named pipe rather than typical IP sockets. The presentation will also review known available mitigations for administrators.

Speaker Bio: Harrison Neal alternates between pentesting and security research roles, primarily around the DC metro area. His free time is typically spent metaphorically poking bears, enjoying the company of cats, playing Pokemon Go, or getting locked in Shenandoah National Park after hours.

Advertisements

April Intro to KALI Meeting Notes

Thanks to Nate Sykes and R&K Solutions for hosting our April ‘Intro to KALI’ meeting! Rob Garbee reviewed some of the popular tools included in the KALI Linux distribution. Rob’s presentation can be downloaded using the link below.

We’re lining up events for the coming months. If you have a topic or idea of interest to the group, please drop us a line at roanokeinfosec@gmail.com.

Rob’s ‘Intro to Kali’ presentation

April 2018 – Intro to KALI

FINALLY!

It’s really gonna happen this time.  Seriously, I mean it.

KALI

After multiple attempts to get this one in we’re really gonna do it this time.

Our next meeting will be on April 12th at R&K Solutions in Roanoke, VA. at 5:30pm.  Our subject will be an Intro to KALI Linux.   If you don’t know what KALI Linux is or if you do but want to know a little more have we got a meeting for you!  This operating system  is the defacto standard for Pen Testing.  We will be going through some of the more popular tools such as Metasploit, SPARTA, NMAP and OpenVAS as well as Offensive Security cert paths.

Please come out and join us.

Address: R&K Solutions,  2797 Frontage Rd NW, Roanoke, VA 24017

More info about KALI below:

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.